{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3201", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-02-25T14:35:36.231Z", "datePublished": "2026-02-25T14:35:50.969Z", "dateUpdated": "2026-03-27T13:56:59.581Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThan": "4.6.4", "status": "affected", "version": "4.6.0", "versionType": "semver"}, {"lessThan": "4.4.14", "status": "affected", "version": "4.4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u9f50\u67ef\u5b87 (Qi Kery)"}], "descriptions": [{"lang": "en", "value": "USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1325", "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-03-27T13:56:59.581Z"}, "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-05.html"}, {"name": "GitLab Issue #20972", "tags": ["issue-tracking", "permissions-required"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20972"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.4 or above"}], "title": "Improperly Controlled Sequential Memory Allocation in Wireshark"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T20:56:19.264170Z", "id": "CVE-2026-3201", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T20:56:34.266Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3201", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T20:56:19.264170Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T20:56:26.556Z"}}], "cna": {"title": "Improperly Controlled Sequential Memory Allocation in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "\u9f50\u67ef\u5b87 (Qi Kery)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.4", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.4 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-05.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20972", "name": "GitLab Issue #20972", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1325", "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-02-25T14:35:50.969Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3201", "state": "PUBLISHED", "dateUpdated": "2026-02-25T20:56:34.266Z", "dateReserved": "2026-02-25T14:35:36.231Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-02-25T14:35:50.969Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFACEDB6-42A3-4BC9-99F1-ABC9725C6954", "versionEndExcluding": "4.4.14", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "D75CCBC1-40C7-48D9-A33A-6260390864A4", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service"}], "id": "CVE-2026-3201", "lastModified": "2026-02-26T14:49:01.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-25T15:20:55.617", "references": [{"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20972"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2026-05.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1325"}], "source": "cve@gitlab.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark", "id": "2442641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442641"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1325", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "If the USB HID protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2026-3201", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-25T14:35:50Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3201\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3201\nhttps://gitlab.com/wireshark/wireshark/-/issues/20972\nhttps://www.wireshark.org/security/wnpa-sec-2026-05.html"], "statement": "This issue will cause a crash in Wireshark with no other security impact. Also, this flaw can only be exploited when a malformed pcap file is processed. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.6.0,4.6.4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.4.0,4.4.14)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Wireshark", "source": "cna", "vendor": "Wireshark Foundation"}, "product": "wireshark", "vendor": "wireshark"}], "analysis": {"en": {"generated_at": "2026-04-16T06:07:52.820693+00:00", "value": {"mitigation_remediation": ["Upgrade Wireshark to version 4.6.4 or later.", "If an immediate upgrade is not possible, disable the USB HID dissector in the Wireshark preferences to stop processing HID packets.", "Restrict physical access to USB HID devices on systems running Wireshark, ensuring only trusted devices are connected while the application is in use."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Vulnerable releases include Wireshark 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13, distributed by the Wireshark Foundation. No other versions or products are affected according to the CNA data.", "description_and_impact": "Wireshark's USB HID protocol dissector allocates memory sequentially without proper control, leading to memory exhaustion when parsing large or malformed HID packets. An attacker who can supply such packets to Wireshark can trigger a crash, resulting in a denial of service that disrupts the utility\u2019s availability. The weakness corresponds to CWE\u20111325 (Improper Input Handling) and CWE\u2011770 (Maximum Resource Consumption).", "risk_and_exploitability": "With a CVSS score of 4.7 and an EPSS below 1\u202f%, the current likelihood of exploitation is considered low, and the issue is not listed in CISA\u2019s KEV catalog. However, the exploit requires the attacker to have the ability to inject crafted USB HID traffic into a running Wireshark instance; the attack vector is therefore presumably local. Once the malicious packets are processed, Wireshark will terminate, denying service to the user and potentially disrupting any monitoring processes that depend on it. Because the CVSS base score reflects only local impact, organizations running critical monitoring should still consider the vulnerability noteworthy."}}}}, "created": "2026-02-26T13:17:58.989482+00:00", "updated": "2026-04-16T06:15:26.912836+00:00", "vendors": ["wireshark", "wireshark$PRODUCT$wireshark"]}